On Mon, Oct 21, 2013 at 05:01:45PM +0300, Maksim Kulik wrote:

> I have postfix 2.10 on freebsd 9.2.

Which 2.10? (2.10.0, 2.10.1, 2.10.2?)
Which version of OpenSSL?

> When i try to send some emails, i get following in mail log:
>
> smtp[7038]: > imx6.ngs.ru[195.19.71.16]:25: EHLO 1gb.by
> smtp[7038]: < imx6.ngs.ru[195.19.71.16]:25: 250-imx6.ngs.ru
> smtp[7038]: < imx6.ngs.ru[195.19.71.16]:25: 250-SIZE 40960000
> smtp[7038]: < imx6.ngs.ru[195.19.71.16]:25: 250-ETRN
> smtp[7038]: < imx6.ngs.ru[195.19.71.16]:25: 250-ENHANCEDSTATUSCODES
> smtp[7038]: < imx6.ngs.ru[195.19.71.16]:25: 250-8BITMIME
> smtp[7038]: < imx6.ngs.ru[195.19.71.16]:25: 250-DSN
> smtp[7038]: < imx6.ngs.ru[195.19.71.16]:25: 250 STARTTLS
> smtp[7038]: server features: 0x901b size 40960000
> smtp[7038]: smtp_stream_setup: maxtime=300 enable_deadline=0
> smtp[7038]: > imx6.ngs.ru[195.19.71.16]:25: STARTTLS
> smtp[7038]: < imx6.ngs.ru[195.19.71.16]:25: 220 2.0.0 Start TLS
> smtp[7038]: send attr request = seed
> smtp[7038]: send attr size = 32
> smtp[7038]: private/tlsmgr: wanted attribute: status
> smtp[7038]: input attribute name: status
> smtp[7038]: input attribute value: 0
> smtp[7038]: private/tlsmgr: wanted attribute: seed
> smtp[7038]: input attribute name: seed
> smtp[7038]: input attribute value: 
> RW5yuoKfeonUvpgq0BdCuA+TZeEsKcnC5boyBvJUgg0=
> smtp[7038]: private/tlsmgr: wanted attribute: (list terminator)
> smtp[7038]: input attribute name: (end)

The SMTP client obtained fresh seed material for its from tlsmgr(8) while
getting ready to start a new TLS session.

> Oct 21 16:56:27 1gb postfix/qmgr[1889]: warning: private/smtp socket:
> malformed response
> Oct 21 16:56:27 1gb postfix/qmgr[1889]: warning: transport smtp failure --
> see a previous warning/fatal/panic logfile record for the problem
> description
> Oct 21 16:56:27 1gb postfix/master[1883]: warning: process
> /usr/local/libexec/postfix/smtp pid 7038 killed by signal 11

It then segfaulted in the SSL library.  

> Oct 21 16:56:27 1gb postfix/error[7079]: D28CC77F: to=<xx...@ngs.ru>,
> relay=none, delay=16581, delays=16572/8.6/0/0.02, dsn=4.3.0,
> status=deferred (unknown mail transport error)
> 
> Postfix runs in non-chrooted environment. How can I fix it?

A stack trace of the segfault is the key piece of information needed
to make progress.

    - Make sure Postfix is compiled with debug symbols.

    - If possible deploy an openssl library with debug symbols.

    - Configure a clone of the "smtp" transport (call it "tlsdebug")
      for mail delivery to ngs.ru.

        tlsdebug unix - - n - 1 smtp -D
            -o smtp_tls_loglevel=2

    - Follow the instructions in

        http://www.postfix.org/DEBUG_README.html#auto_trace

      to attach gdb to the smtp client after flushing the message
      in question using "postqueue -i D28CC77F".  After the segfault
      run "bt" (backtrace) to print the stack.

Report the resulting verbose TLS logging and stack trace.  Report
the FreeBSD version, Postfix version, OpenSSL version, and any
recent changes to your system.  When did the problem start happening?

Another option is to download and compile (but not install) the
source for postfix-2.11-20131001, then run the bin/posttls-finger
command:

    $ gdb --args posttls-finger -t30 -T 180 -Ldebug ngs.ru
    (gdb) run
    posttls-finger: Connected to imx6.ngs.ru[195.19.71.16]:25
    posttls-finger: < 220 imx6.ngs.ru ESMTP ready
    ...
    posttls-finger: Untrusted TLS connection established to imx6.ngs.ru[195.19.71.16]:25: unknown with cipher DHE-RSA-AES256-SHA (256/256 bits)
    ...
    posttls-finger: > QUIT
    posttls-finger: < 221 2.0.0 Bye

    Program exited normally.
    (gdb) quit

If the problem is in OpenSSL your posttls-finger may segfault; report the
stack trace (output of "bt").

-- 
        Viktor.
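
Added example (not part of the original message and not Postfix code): a Python sketch that pairs each master(8) "killed by signal" warning with the last verbose SMTP line logged by the same pid, showing how far the session got before the crash. The function name, the sample log (lines from the post with mail-client wrapping undone) and the second peer mx.example.net are constructed for illustration.

```python
import re

# Verbose smtp(8) client lines: "smtp[PID]: > host[ip]:port: TEXT" (sent) or
# "< ..." (received). The "postfix/" prefix is optional, as in the quoted log.
SMTP_IO = re.compile(
    r"(?:postfix/)?smtp\[(?P<pid>\d+)\]: (?P<dir>[<>]) "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]:(?P<port>\d+): (?P<text>.*)$"
)
# master(8) warning logged when a child process dies on a signal.
KILLED = re.compile(
    r"postfix/master\[\d+\]: warning: process (?P<path>\S+) "
    r"pid (?P<pid>\d+) killed by signal (?P<sig>\d+)"
)

def crashed_sessions(lines):
    """Return one record per signal-killed process with its last SMTP exchange."""
    last_io = {}   # pid -> fields of the most recent SMTP line from that pid
    crashes = []
    for line in lines:
        m = SMTP_IO.search(line)
        if m:
            last_io[m["pid"]] = m.groupdict()
            continue
        m = KILLED.search(line)
        if m:
            io = last_io.pop(m["pid"], None)  # None: no verbose lines seen
            crashes.append({
                "pid": int(m["pid"]),
                "signal": int(m["sig"]),
                "program": m["path"],
                "peer": f'{io["host"]}[{io["ip"]}]:{io["port"]}' if io else None,
                "last_line": f'{io["dir"]} {io["text"]}' if io else None,
            })
    return crashes

# Constructed sample: pid 7038 lines come from the post, pid 7040 is invented.
SAMPLE_LOG = """\
smtp[7038]: > imx6.ngs.ru[195.19.71.16]:25: EHLO 1gb.by
smtp[7040]: > mx.example.net[192.0.2.10]:25: QUIT
smtp[7038]: > imx6.ngs.ru[195.19.71.16]:25: STARTTLS
smtp[7038]: < imx6.ngs.ru[195.19.71.16]:25: 220 2.0.0 Start TLS
smtp[7038]: send attr request = seed
Oct 21 16:56:27 1gb postfix/master[1883]: warning: process /usr/local/libexec/postfix/smtp pid 7038 killed by signal 11
""".splitlines()

if __name__ == "__main__":
    for crash in crashed_sessions(SAMPLE_LOG):
        print(crash)
```

On the sample, the only record is pid 7038, whose last SMTP line is the server's "220 2.0.0 Start TLS" reply, which places the crash after STARTTLS was accepted.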
